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Amendment under 37 CFR 1.116 Expedited Procedure Examining Group 2135 



REMARKS/ARGUMENTS 

I. Status of the Claims 

This amendment is filed in response to a final office action mailed April 8, 2005. 
Prior to entry of this amendment, claims 1-52 and 56-63 are pending in the application. This 
amendment amends claims 1, 27, 36, 43 and 50 and 61. No claims have been added or canceled 
by this amendment. Hence, after entry of this amendment, claims 1-52 and 56-63 remain 
pending, and reconsideration of the pending claims is respectfully requested. 

n. Claim Amendments 

Claims 1, 27, 36, 43 and 50 have been amended to provide antecedent basis for 
terms used in those claims. 

Claim 27 also has been amended to recite "an application without a web front 
end ." This amendment adds to the claim element language from the preamble of the claim. 
Claims 50 and 61 have been amended to include similar language. 

m. Claim Rejections under 35 U.S.C. §112, If 2 

The final office action rejected claims 1, 36 and 43 under § 1 12, 1 2 as lacking 
antecedent basis for the term "said first resource." These claims have been amended to first 
recite "a first resource." The final office action also rejected claims 27 and 50 under § 1 12, Tf 2 
as lacking antecedent basis for the term "said access system interface." Claims 27 and 50 have 
been amended to remove the term "interface," thus reciting "said access system," a term which 
does have antecedent basis in the respective claims. It is believed that these amendments 
overcome all of the rejections under § 1 12, If 2, and the applicants respectfully request the 
withdrawal of these rejections. 

IV. Claim Rejections under 35 U.S.C. 5102(e) 

The final office action rejected claims 56, 59 and 60 under § 102(e) as being 
anticipated by US Patent No. 6,266,752 Bl ("Gupta"). The applicants traverse the rejections for 
at least the following reasons and respectfully request reconsideration of the rejected claims. 
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Claim 56 recites, inter alia, "receiving a request from an application without a 
web agent front end to allow said first user to access a second protected resource . . . ." Gupta 
fails to teach or suggest at least this element of claim 56. In rejecting claim 1, the office action 
describes why it interprets Gupta as disclosing an application without a web agent: "said user 
state information is from an application without a web agent front end (understood by the 
examiner as a stand alone or multiple application server, i.e., an application server not connected 
behind a web server or any other web agent."). 

This reading of Gupta, however, is directly contradicted by the disclosure of 
Gupta itself, which teaches, 

To enable an application to communicate with the 
login server and remove any authentication functionality from the 
application server, one or more embodiments may require the use 
of a web server (any server that supports servlets). A servlet is a 
software program that runs on a server. A servlet can be invoked 
by a client via a name or a URL, for example. The web server 
implements classes that provide for the performance of requested 
actions for the client. For example, a doGet method may be 
implemented to perform a GET action and a doPost method may 
be implemented to perform a POST action. The doGet and doPost 
methods are only called once a user has been validated (i.e., has a 
valid cookie) and authenticated in accordance with the invention. 
In one or more embodiments, the doGet and doPost methods are 
subclasses of an AuthHttpServlet class. Thus, any applications that 
provide for the functionality to communicate with the login server 
will work in accordance with one or more embodiments of the 
invention. 

In one or more embodiments, a web server may 
provide for the functionality to work with the login server. As a 
result, servlets (applications on the application server) are 
protected such that they only respond to client requests if the user 
has a valid cookie (or token) and has been authenticated. In one or 
more embodiments, utilizing such a web server may not require 
servlets to subclass an AuthHttpServlet class. Alternatively, 
servlets may subclass an HttpServlet class. In such a subclass, the 
doGet and doPost methods may be overridden to provide the 
desired application functionality when an authenticated user 
invokes such a servlet. Although any type of web server may be 
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utilized, an example of a web server that may provide for such 
functionality is the Java web server available from Sun 
Microsystems. 

(c. 14, 11. 28-60) 

The application disclosed by Gupta this is precisely the type of system described 
in the background of the application: "Previous attempts to provide an interface to an access 
system have required the application trying to interface with the access system to be positioned 
behind a web agent that is part of the access system. Such a configuration is inefficient, 
increases costs and increases maintenance efforts." (Application, p. 3, 11. 15-18). The 
application describes a web agent as "a component (usually software, but can be hardware or a 
combination of hardware and software) that plugs into (or otherwise integrates with) a web 
server (or equivalent) in order to participate in providing access services." (Id., p. 4, 11. 7-10). 
Thus, Gupta clearly teaches the use of an application with a web agent front end, in contrast to 
claim 56. Further, Gupta fails to disclose (or even suggest) any embodiments that do not use a 
web agent front end, and the system disclosed by Gupta in fact depends upon the use of web 
agent front end. 

Hence, Gupta merely discloses a type of application described in the background 
of the present application, and this is fundamentally different from the application recited in 
claim 56. For at least this reason, claim 56 is believed to be allowable over Gupta, as are claims 
57-60, at least because of their dependency from claim 56, and the reconsideration of those 
claims is respectfully requested. 

V. Claim Rejections under 35 U.S.C. § 103(a) 

The office action rejected the remaining claims under § 103(a) as unpatentable 
over Gupta, taken in combination with various other references. Specifically, the office action 
rejected claims 1, 2, 6, 7, 9-22, 26, 27, 31-36, 39-43, 46-50 and 61 under § 103(a) as 
unpatentable over Gupta in view of US Patent No. 6,460,141 Bl ("Olden"), claims 3-5, 8, 28-30, 
37, 44, 45, 51, 52 and 62-63 under § 103(a) as unpatentable over Gupta in view of Olden and US 
Patent No. 6,668,322 Bl ("Wood"), claims 23-25 under § 103(a) as unpatentable over the 
combination of Gupta, Olden and US Patent No. 6,286,098 Bl ("Wenig"), and claims 57 and 58 
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under § 103(a) as unpatentable over Gupta in view of Wood. These rejections are traversed, and 
the applicants respectfully request reconsideration of the rejected claims. 

In order to form a prima facie case of obviousness, an office action must show, 
inter alia, that the combined references teach or suggest each limitation of the rejected claim. 
MPEP § 706.02(j). Applicants respectfully submit that the cited references fail, individually and 
collectively, to teach or suggest each element of any rejected claim. 

Consider, for example, claim 1, which recites, inter alia, "receiving, at said 
application program interface, a request to authorize said first user to access a first resource, said 
request to authorize is from said application without a web agent front end . . . ." For 
substantially the reasons discussed above with respect to claim 56, Gupta fails to teach or suggest 
this element of claim 1 . 

Neither does the cited portion of Olden teach this element. For example, Olden 
(c. 23, 11. 58-60) teaches that "the cookie passes a Web user's credentials to the Web server plug- 
in, eliminating the need for the user to submit his or her password again. This cookie enables all 
protected Web servers 20A, 20B, 20C to share authentication information." Referring to Fig. 1, 
one can see that the "Web server plug-in" referenced in that passage is in fact an "authorizer 
plug-in," which is a component of the webservers (20A, 20B, 20C), and which interacts with the 
authorization server (24) of Olden's invention. Hence, the disclosed passage of Olden actually 
teaches the use of a web agent front end, similar to the system of Gupta, discussed above. 

For at least these reasons, the combination of Gupta and Olden fails to teach or 
suggest each element of claim 1, and claim 1 is believed to be allowable over this combination. 
For at least similar reasons, dependent claims 2-26 are believed to be allowable, since they each 
ultimately depend from claim 1. For at least similar reasons, independent claims 36 and 43 (and 
dependent claims 37-42 and 44-49, which depend therefrom) are believed to be allowable over 
the cited references. 

Independent claim 27 has been amended to recite, inter alia, "receiving, at an 
application without a web agent front end, an electronic request from a first user to access a first 
resource, said step of receiving includes receiving information from a cookie . . . ." As noted 
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above, the combination of Gupta and Olden fails to disclose an application without a web agent 
front end, and at least for reasons similar to those discussed above, claim 27 is believed to be 
allowable over the cited combination. Dependent claims 28-36, each of which ultimately depend 
from claim 26, are believed to be allowable for at least similar reasons. Independent claims 50 
and 61, each of which also have been amended to recite "an application without a web agent 
front end," (and dependent claims 51, 52, 62 and 63, which depend therefrom), are believed to be 
allowable for at least similar reasons. 

In view of the foregoing, the applicants believe all claims now pending in this 
Application are in condition for allowance and an action to that end is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 303-571-4000. 



TOWNSEND and TOWNSEND and CREW LLP 

Two Embarcadero Center, 8 th Floor 

San Francisco, California 941 1 1-3834 

Tel: 303-571-4000 

Fax: 415-576-0300 

CEK:tnd 

60503541 v1 



Respectfully submitted, 
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